My nix-config (NixOS + nix-darwin).
This configuration assumes this repository is cloned into ~/nix-config.
.
├── flake.nix            # Main flake configuration
├── hosts/               # Per-host system configurations
│   ├── onix/
│   ├── altaria/
│   ├── trubbish/
│   └── applin/
├── modules/
│   ├── common/
│   │   ├── hostclass/
│   │   └── home/        # User-specific home-manager config
│   ├── nixos/
│   │   ├── hostclass/
│   │   └── homelab/     # Self-hosted services
│   └── darwin/
│       └── hostclass/
├── apps/                # Application dotfiles
├── meta/                # Shared metadata
└── secrets.nix          # Agenix secrets configuration
The configuration uses a layered hostclass inheritance system to promote
modularity and code reuse. Hostclasses can define properties and inherit
properties from one another, forming a directed acyclic graph. The graph should
have a single root hostclass: base.
A system managed via this configuration will have $HOSTCLASS defined.
Each host enables its hostclass via hostclass.<type>.enable = true.
# Example host configuration
{
  hostclass.server.enable = true; # Automatically enables base
  # Additional host-specific configuration...
}
Secrets are managed using agenix for age-encrypted secrets:
- Encrypted secrets stored in hosts/<name>/secrets/
- Secrets configuration defined in secrets.nix
- Age keys managed through SSH keys in meta/default.nix

- Create host directory: hosts/<hostname>/
- Define host configuration in hosts/<hostname>/default.nix
- Add hardware configuration: hosts/<hostname>/hardware.nix
- Register in flake.nix using mkNixosHost or mkDarwinHost
- Configure appropriate hostclass
For homelab services, add a module to modules/nixos/homelab/, following the NixOS
Modules convention.
Make sure to import the module in modules/nixos/homelab/default.nix.
- Define secret in secrets.nix
- Encrypt using agenix -e <secret-name>.age
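The following secrets.nix is an added example, not this repository's own file. It shows agenix rules for secrets kept under hosts/<name>/secrets/, with each secret encrypted only to the admin keys and the one host that consumes it. The layout of meta, the key strings and the secret names are constructed placeholders, because the page does not show meta/default.nix.

```nix
# secrets.nix (added example; attribute names, keys and secret names are constructed)
let
  # Stand-in for the SSH public keys the README says are managed in
  # meta/default.nix. The real shape of that file is not shown on the page,
  # so this layout is an assumption. Replace the placeholders with real keys.
  meta = {
    admins = [
      "ssh-ed25519 PLACEHOLDER-ADMIN-PUBLIC-KEY admin@example"
    ];
    hosts = {
      onix = "ssh-ed25519 PLACEHOLDER-ONIX-HOST-PUBLIC-KEY root@onix";
      altaria = "ssh-ed25519 PLACEHOLDER-ALTARIA-HOST-PUBLIC-KEY root@altaria";
    };
  };

  # Recipients of a secret: the admins (who edit and rekey it) plus only the
  # hosts that must decrypt it. No other host key can read the .age file.
  recipients = hostNames: meta.admins ++ map (h: meta.hosts.${h}) hostNames;

  # Build one agenix rule for a secret stored under hosts/<host>/secrets/.
  hostSecret = host: name: {
    name = "hosts/${host}/secrets/${name}.age";
    value.publicKeys = recipients [ host ];
  };
in
# agenix expects an attribute set of the form
#   { "<path>.age" = { publicKeys = [ ... ]; }; }
builtins.listToAttrs [
  (hostSecret "onix" "example-token")
  (hostSecret "altaria" "example-db-password")
]
```

With these rules, agenix -e hosts/onix/secrets/example-token.age, run from the directory that holds secrets.nix, encrypts to the admin keys and onix only. After changing a secret's recipients, re-encrypt existing files with agenix -r so that removed keys no longer decrypt new copies.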